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Description 

BACKGROUND OF THE INVENTION 

1 . Field of the Invention 

The present invention relates to a system for 
acquiring a data field in an integrated circuit card 
(IC card) for multiple services. The system accord- 
ing to the present invention discriminates whether 
or not a service for which a data field area is 
acquired is provided by an authorized source, and 
controls the acquisition of the data field area within 
an allowable range. 

2. Description of the Related Art 

In an IC card for multiple services, all the 
services to be provided are not always determined 
upon card issuance. The IC card often has vacant 
areas. When the IC card has vacant areas, some 
services may be additionally provided to the vacant 
areas in the card after card issuance. 

The source which additionally provides a ser- 
vice must not be an arbitrary third party, but one of 
several limited companies, organizations, company 
groups, organization groups, or the like. Also, the 
data field area used must be limited. If a given 
service supplier is allowed to use any size of area, 
another would find it difficult to additionally provide 
a service. Therefore, it is desired that each service 
supplier be allowed to use only up to a predeter- 
mined size of area. 

In a conventional system for acquiring a data 
field area, the data field area is additionally ac- 
quired based on the area size demand input from a 
terminal apparatus to an IC card and the data field 
information already formed in the IC card. Exam- 
ples of such a system can be found in the publica- 
tion "Smart Cards, The New Bank Cards" by 
Jerome Svigals, published by MacMillan Publishing 
Company, 1985, 1987, and document 
ISO/TC68/SC6/WG7 issued by INTAMIC on behalf 
of BSI 

In the conventional system, data field formation 
demand input from a terminal apparatus can be 
accepted regardless of the demander, and the data 
field area, corresponding to the demanded area 
size is acquired in so far as there is a vacant data 
field area in the IC card. In the conventional sys- 
tem, therefore, there are problems that, if only a 
former of a data field obtains a right and approval 
for forming an area, a data field may be formed in 
the IC card by an unauthorized source, or the data 
field area in the IC card may be exclusively oc- 
cupied by a specific service supplier, and there 
may be a disadvantage that, if an attempt is made 
to add an additional service to the IC card, there is 



no area vacant for such an additional service. 

Another example of an IC memory card system 
specially adapted for confidential data is disclosed 
in FR-A-2 473 755. The memory of this prior art is 

5 divided into a zone containining an undeletable 
user identification code and a separate zone for 
storing data such as commercial transactions. The 
data can only be deleted by a specially authorized 
group of users. A comparator is provided to au- 

w thorize access to the data zone only if there is 
correspondence between a code entered on an 
external device to which the card is connected and 
the code stored in the card. 

75 SUMMARY OF THE INVENTION 

It is an object of the present invention to pro- 
vide an improved system for data field area ac- 
quisition wherein a plurality of area user identifica- 

20 tions and authentication codes and usable area 
size data are stored in an IC card upon issuance of 
the IC card. A data field formation demand by a 
person other than an authenticated area user or a 
data field formation demand for an area larger than 

25 a predetermined size is rejected, so the IC card 
can be protected from illegal data field formation. 

According to the present invention, there is 
provided a system for data field area acquisition in 
an IC card for multiple services, as defined in claim 

30 1 . 

BRIEF DESCRIPTION OF THE DRAWINGS 

In the drawings, 
35 Fig. 1 is a perspective view of an IC card used 
in a system of the present invention; 
Fig. 2 is a circuit diagram when the IC card 
used in the system of the present invention is 
used; 

40 Fig. 3 is a view showing a conventional system; 

Fig. 4 is a block diagram of a system according 

to an embodiment of the present invention; 

Fig. 5 is a flow chart showing the operation of 

the system shown in Fig. 4; and 
45 Fig. 6 is a view for supplementarily explaining 

the system shown in Fig. 4. 

DESCRIPTION OF THE PREFERRED EMBODI- 
MENT 

50 

Prior to a description of a preferred embodi- 
ment of the present invention, an IC card as used 
both in the system of the present invention and a 
conventional system will be described. Figures 1 
55 and 2 are for explaining an IC card. As shown in 
Fig. 1, an IC card has contacts, an integrated 
circuit module arranged beneath the contacts, and 
an area to be embossed. 
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Figure 2 shows a terminal apparatus electri- 
cally connected to the IC card, a program portion 
for requesting formation of a data field, and a 
transmission path through which an area user iden- 
tification and an authentication code (AC code) 
designated by the program and an area size de- 
mand are transmitted to the IC card. 

The IC card includes a CPU as a data proces- 
sor, a memory, such as EPROM and/OR EEPROM, 
for storing input information, control information, 
and data fields, and a ROM for storing control 
programs. In addition, a plurality of metal contacts 
for electrically contacting an external apparatus are 
provided on the surface or back of the card. 

Figure 3 shows an example of a conventional 
system for acquiring a data field area. In Fig. 3, 
reference numeral 13' denotes a portion for input- 
ting an area size demand; 81, 82, and 83, data 
fields already formed in an IC card; 80, an addition- 
ally acquired data field; and 4' , a portion for acquir- 
ing data field area. 

In the conventional system shown in Fig. 3, a 
data field formation demand sent from a terminal 
apparatus is accepted regardless of the requester 
when the requester is authenticated by general 
authentication such as a personal identification 
number and an authentication code for an IC card. 
Thus, a data field area corresponding to an area 
size demand is acquired by the portion 4' as long 
as the IC card has a vacant area. In this manner, a 
data field is additionally formed. 

A system for data field area acquisition in an IC 
card for plural services according to an embodi- 
ment of the present invention will now be described 
with reference to Figs. 4 and 5. Figure 4 shows a 
system according to an embodiment of the present 
invention. 

The system of Fig. 4 includes an area user 
identification inputting portion 11, an authentication 
code inputting portion 12, a portion 13 for inputting 
an area size demand, area user identifications 51, 
area user authentication codes 52, usable area 
sizes 53, and a storage 5 for a table for data field 
control, constituted by the plurality of area user 
identifications 51 , the authentication codes 52, and 
the usable area sizes 53. 

The system of Fig. 4 also includes memories 
for area user identifications 61, 62, and 63 cor- 
responding to the data fields, area size information 
71, 72, and 73 corresponding to the data fields, 
data fields 81, 82, and 83, an area user identifica- 
tion 60 corresponding to a data field 80 to be 
additionally acquired, an area size information 70 of 
the data field to be additionally acquired, and an 
additionally acquired data field 80. 

The system of Fig. 4 further includes an area 
user authentication portion 2, a portion 3 for cal- 
culating a remainder area for an authenticated area 



user; and a portion 4 for additionally acquiring a 
data field area. 

The operation of the system shown in Fig. 4 
will now be described. The authenticating portion 2 

5 compares an input area user identification from the 
portion 11 and an input authentication code from 
the portion 12 with a corresponding area user iden- 
tification and an authentication code stored in the 
table storage 5. An authentication code corre- 

10 sponding to an area user identification in the table 
storage 5 which coincides with the area user iden- 
tification is validated with regard to the input au- 
thentication code, thereby authenticating an area 
user. 

75 When an area user is authenticated, a sum of 

area sizes of already formed data fields is sub- 
tracted from a corresponding usable area size in 
the table storage 5, thereby calculating a remainder 
usable area of the corresponding area user. 

20 When the remainder usable area size is equal 

to or larger than the demanded area size, the data 
field area acquiring portion 4 is operated. 

When the vacant area in the IC card is equal to 
or larger than the demanded area size, the data 

25 field area acquiring portion 4 acquires an area in 
the vacant area, and thus additionally forms a data 
field. 

Figure 5 is a flow chart for explaining the 
operation of the system shown in Fig. 4. 

30 A memory data field formation demand, a user 

identification, an authentication code, and an area 
size demand for the IC card are received from a 
terminal apparatus. 

The CPU searches for an area user identifica- 

35 tion corresponding to the input area user identifica- 
tion in the table storage 5 (step S1). 

When no coincident identification is found, it is 
determined that a demander is not an authen- 
ticated area user, and an error indication is made. 

40 For example, a non-response state is estab- 

lished for an external apparatus, or information 
indicating that registration is not permitted is in- 
dicated as a response signal. 

If a coincident identification is found, an au- 

45 thentication code in the table storage correspond- 
ing to the identification is validated with regard to 
the input authentication code (step S2). 

If the validation result is noncoincidence, it is 
determined that a demander is not an authen- 

50 ticated area user, and an error indication is made. 
However, when coincidence is established, it is 
determined that a demander is an authenticated 
area user, and the control advances to authentica- 
tion of the area size (step S3). 

55 Area user identifications in data fields in the IC 

card are compared with the input area user iden- 
tification so as to find a coincident data field (step 
S4). 
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Then, the CPU sums the area sizes of these 
data fields and derives the sum as a used area size 
with respect to the area user identification (step 
S5). 

If the area has not been used, the sum is zero. 

Next, the used area size is subtracted from a 
usable area size in the table storage corresponding 
to the area user identification, and the difference is 
compared with the input area size demand. 

If the difference is smaller than the area size 
demand in the above comparison step, an error 
indication is made since a vacant area is not avail- 
able (step S6). 

If the difference is equal to or larger than the 
area size demand, the area size demand is com- 
pared with the area size of the vacant area in the 
IC card. If the area size demand is larger than the 
vacant area, an error indication is made since the 
vacant area is not available (step S7). 

If the area size demand is equal to or smaller 
than the vacant area size, a new data field area is 
acquired from the vacant area of the IC card, an 
area user identification and an area size are set, 
and a data field is additionally formed. Thus, the 
processing is ended (step S8). 

As the area user identification, an identification 
of a service supplier or that for a group of service 
suppliers is used. 

Figure 6 is a block diagram for supplementarily 
explaining the system of the present invention. 
That is, from another point of view, the system 
shown in Fig. 4 can be considered as one having 
an arrangement shown in Fig. 6. 

A unit for using a memory accesses a use area 
registered in a unit for registration based on a 
demand for processing various services supplied 
from a contact. A table storage stores an area size 
of a data field that can be assigned to a memory 
with respect to processing of various services, e.g., 
the number of bytes. The memory has a plurality 
of data fields. The memory has data fields cor- 
responding to an area user who has already pro- 
vided a service using this IC card or corresponding 
to the types of service processing. 

Even if a given service is registered in advance 
in the table storage, if it has not been actually used 
yet, that is, if a card user does not wish to register 
the given service and does not register in a service 
company, no data field corresponding to the ser- 
vice is formed. 

In a unit for permission, an area size demand 
of new service processing supplied from an exter- 
nal apparatus through the contact is compared with 
a usable area size read out from the information 
storage table. As a result of comparison, if the area 
size demand is equal to or smaller than the usable 
area size, data corresponding to an address space 
of a size corresponding to one of the area size 



demand and the usable area size, e.g., a start 
address and a byte length of a data field area, are 
stored in the unit for registration, thus permitting 
the subsequent use. 

5 

Claims 

1. A system for data field area acquisition in an 
IC card for multiple services, said system com- 
w prising, at the level of the IC card : 

- a memory divided into a plurality of data 
fields (80-83) for storing data; 

- table storage means (5) for storing a 
plurality of area user identifications and 

75 area user authentication codes corre- 

sponding to the area user identifications; 

- area user identification input means (11); 

- area user authentication code input 
means (12); 

20 - authentication means (2) for comparing 

an area user identification and an authen- 
tication code, respectively entered by 
said input means (11, 12), with a cor- 
responding area user identification and 

25 an authentication code stored in said ta- 

ble storage means (5), to thereby deter- 
mine an authentic user; 
characterized in that : 
said table storage means (5) further 

30 stores, upon issuance of said IC card, 

usable memory area size information 
corresponding with each area user au- 
thentication code and representing the 
size of area allowed to be used by the 

35 authenticated user; 

and that the system further com- 
prises: 

- user area size calculating means (3) for 
calculating a remainder user area size for 

40 an authenticated user authenticated by 

said authentication means (2), on the ba- 
sis of the usable area size information 
corresponding to said authenticated user, 
stored in said table storage means (5) 

45 and the used area size representing the 

sum of area sizes of already formed data 
fields with respect to the corresponding 
area user identification ; 

- area size demand input means (13) for 
50 receiving a request for the acquisition of 

an area of given size in the data field 
corresponding to an area user identifica- 
tion; and 

- data field area acquiring means (4) con- 
55 trolled by said area size calculating 

means (3) for acquiring and forming the 
demanded area in a vacant area of the 
IC card on condition that said demanded 
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data field area is of a size less than or 
equal to said remainder usable area size 
and less than or equal to the vacant area 
size of the IC card. 

2. A system according to claim 1, wherein the 
area user authentication means (2) is operated 
by signals from the area user identification 
input portion, the authentication code input 
means, and the table storage means. 

3. A system according to claim 1, wherein said 
area size calculating means (3) is operated by 
signals from the area user authentication 
means (2), the area size demand input means 
(13), the table storage means (5), and the 
information storage means for respective data 
fields. 

Patentanspruche 

1. System zur Datenfeldbereichserfassung in ei- 
ner IC-Karte fur mehrfache Dienste, welches 
genannte System auf der Ebene der IC-Karte 
umfaBt: 

einen Speicher, der in eine Vielzahl von 
Datenfeldern (80 bis 83) geteilt ist, zum Spei- 
chern von Daten; 

eine Tabellenspeichereinrichtung (5) zum 
Speichern einer Vielzahl von Bereichsbenutzer- 
Identifikationen und Bereichsbenutzer- 
Authentisierungscodes entsprechend den Be- 
reichsbenutzer-ldentifikationen; 

eine Einrichtung (11) zum Eingeben von 
Bereichsbenutzer-ldentifikationen; 

eine Einrichtung (12) zum Eingeben von 
Bereichsbenutzer-Authentisierungscodes; 

eine Authentisierungseinrichtung (2) zum 
Vergleichen einer Bereichsbenutzer-ldentifika- 
tion und eines Authentisierungscodes, die je- 
weils von der genannten Eingabeeinrichtung 
(11, 12) eingegeben wurden, mit einer entspre- 
chenden Bereichsbenutzer-ldentifikation und 
einem Authentisierungscode, die in der ge- 
nannten Tabellenspeichereinrichtung (5) ge- 
speichert sind, urn dadurch einen authenti- 
schen Benutzer zu bestimmen; 

dadurch gekennzeichnet, daB: 

die genannte Tabellenspeichereinrichtung 
(5) ferner bei der Ausgabe der genannten IC- 
Karte verwendbare Speicher-BereichsgrdBenin- 
formationen speichert, die jedem Bereichsben- 
utzer-Authentisierungscode entsprechen und 
die GroBe des Bereichs, dessen Benutzung 
durch den authentisierten Benutzer zulassig 
ist, reprasentieren; 

und daB das System ferner umfaBt: 

eine BenutzerbereichsgrdBen-Berech- 



nungseinrichtung (3) zum Berechnen einer ver- 
bleibenden BenutzerbereichsgroBe fur einen 
authentisierten Benutzer, der durch die ge- 
nannte Authentisierungseinrichtung (2) authen- 

5 tisiert wird, auf Basis der verwendbaren Daten- 

bereichsgroBeninformationen entsprechend 
dem genannten authentisierten Benutzer, die in 
der genannten Tabellenspeichereinrichtung (5) 
gespeichert sind, und der verwendeten Be- 

10 reichsgroBe, welche die Summe aller Be- 

reichsgrdBen bereits gebildeter Datenfelder in 
bezug auf die entsprechende Bereichsbenut- 
zer-ldentifikation reprasentiert; 

eine BereichsgroBenanforderungs-Einga- 

75 beeinrichtung (13) zum Empfangen einer An- 

forderung zur Erfassung eines Bereichs gege- 
bener GroBe in dem Datenfeld entsprechend 
einer Bereichsbenutzer-ldentifikation; und 

eine Datenfeldbereichserfassungseinrich- 

20 tung (4), die von der genannten Bereichsgro- 

Ben-Berechnungseinrichtung (3) gesteuert wird, 
zum Erfassen und Bilden des angeforderten 
Bereichs in einem Leerbereich der IC-Karte 
unter der Bedingung, daB der genannte ange- 

25 forderte Datenfeldbereich eine GroBe aufweist, 

die kleiner oder gleich der genannten verblei- 
benden verwendbaren BereichsgroBe ist und 
kleiner oder gleich der LeerbereichsgroBe der 
IC-Karte ist. 

30 

2. System nach Anspruch 1, bei welchem die 
genannteBereichsbenutzer-Authentisierungsein- 
richtung (2) durch Signale vom Bereichsbenut- 
zer-ldentifikations-Eingabeteil, der Authentisie- 

35 rungscode-Eingabeeinrichtung und der Tabel- 

lenspeichereinrichtung betrieben wird. 

3. System nach Anspruch 1, bei welchem die 
genannte BereichsgroBen- 

40 Berechnungseinrichtung (3) durch Signale von 

der Bereichsbenutzer-Authentisierungseinrich- 
tung (2), der BereichsgroBenanforderungs-Ein- 
gabeeinrichtung (13), der Tabellenspeicherein- 
richtung (5) und der Informationsspeicherein- 

45 richtung fur entsprechende Datenfelder betrie- 

ben wird. 

Revendications 

50 1. Systeme destine a permettre I'acquisition d'ai- 
res de champs de donnees dans une carte a 
circuit integre pour services multiples, ledit 
systeme comprenant, au niveau de la carte a 
circuit integre : 
55 - une memoire divisee en une pluralite de 

champs de donnees (80 a 83) servant a 
memoriser des donnees ; 
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- un moyen de memorisation sous forme 
de table (5) servant a memoriser une 
pluralite d'identifications d'utilisateurs 
d'aires et des codes d'authentification 
d'utilisateurs d'aires correspondant aux 
identifications d'utilisateurs d'aires ; 

- un moyen (11) d'entree d'identification 
d'utilisateur d'aire ; 

- un moyen (12) d'entree de code d'au- 
thentification d'utilisateur d'aire ; 

- un moyen d'authentification (2) servant a 
comparer une identification d'utilisateur 
d'aire et un code d'authentification, res- 
pectivement introduit par lesdits moyens 
d'entree (11, 12), avec une identification 
d'utilisateur d'aire correspondante et un 
code d'authentification memorisees dans 
ledit moyen de memorisation sous forme 
de table (5), pour ainsi determiner un 
utilisateur authentique ; 

caracterise en ce que : 

ledit moyen de memorisation sous 
forme de table (5) memorise en outre, 
lors de la delivrance de ladite carte a 
circuit integre, des informations de tallies 
d'aires de memoire utilisables correspon- 
dant a chaque code d'authentification 
d'utilisateur d'aire et representant la taille 
d'aire dont I'utilisation par I'utilisateur au- 
thentifie est autorisee ; 

et en ce que le systeme comprend 
en outre : 

- un moyen (3) de calcul de taille d'aire 
d'utilisateur servant a calculer la taille 
d'aire d'utilisateur restante pour un utili- 
sateur authentifie qui a ete authentifie par 
ledit moyen d'authentification (2), sur la 
base de I'information de taille d'aire utili- 
sable correspondant audit utilisateur au- 
thentifie, emmagasinee dans ledit moyen 
de memorisation sous forme de table (5) 
et de la taille d'aire utilisee representant 
la somme des tallies des aires des 
champs de donnees deja formes relative 
a I'identification d'utilisateur d'aire cor- 
respondante ; 

- un moyen d'entree de demande de taille 
d'aire (13) destine a recevoir une deman- 
de pour I'acquisition d'une aire de taille 
donnee dans le champ de donnees cor- 
respondant a une identification d'utilisa- 
teur d'aire ; et 

- un moyen d'acquisition d'aire de champ 
de donnees (4) commande par ledit 
moyen de calcul de taille d'aire (3) et 
servant a acquerir et former I'aire de- 
mandee dans une aire vacante de la 
carte a circuit integre a la condition que 



ladite aire de champ de donnees deman- 
dee ait une taille inferieure ou egale a 
ladite taille d'aire utilisable restante et 
inferieure ou egale a la taille d'aire va- 
5 cante de la carte a circuit integre. 

2. Systeme selon la revendication 1 , ou le moyen 
d'authentification d'utilisateur d'aire (2) est acti- 
ve par des signaux venant de la partie d'entree 

w d'identification d'utilisateur d'aire, du moyen 

d'entree de code d'authentification, et du 
moyen de memorisation sous forme de table. 

3. Systeme selon la revendication 1, ou ledit 
75 moyen de calcul de taille d'aire (3) est active 

par des signaux venant du moyen d'authentifi- 
cation d'utilisateur d'aire (2), du moyen d'en- 
tree de demande de taille d'aire (13), du 
moyen de memorisation sous forme de table 
20 (5), et du moyen de memorisation d'informa- 

tions pour les champs de donnees respectifs. 
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